[systemd-devel] xfrm using systemd-networkd?

Klaus Frank klaus+on4xg5dfnvsc2zdfozswycq at frank.fyi
Wed Nov 13 10:55:11 UTC 2024


Hi,

I've been looking into the documentation of systemd-networkd for a while
now and I'm still confused by the XFRM capabilities of it. The
documentation isn't that helpful for me right now.

Can someone please help me further understand this? Is it possible to
persist e.g. something like this using network and netdev units?

```
ip -6 addr add dev lo $SiteAPrivate_IP
ip -6 xfrm state add src $SiteAPublic dst $SiteBPublic proto esp spi $ID reqid $ID mode tunnel aead 'rfc4106(gcm(aes))' $KEY1 128
ip -6 xfrm state add src $SiteBPublic dst $SiteAPublic proto esp spi $ID reqid $ID mode tunnel aead 'rfc4106(gcm(aes))' $KEY2 128
ip -6 xfrm policy add src $SiteAPrivate dst $SiteBPrivate dir out tmpl src $SiteAPublic dst $SiteBPublic proto esp reqid $ID mode tunnel
ip -6 xfrm policy add src $SiteBPrivate dst $SiteAPrivate dir in tmpl src $SiteBPublic dst $SiteAPublic proto esp reqid $ID mode tunnel
ip -6 xfrm policy add src $SiteBPrivate dst $SiteAPrivate dir fwd tmpl src $SiteBPublic dst $SiteAPublic proto esp reqid $ID mode tunnel
ip -6 route add $SiteBPrivate dev eth0 src $SiteAPrivate_IP
```

Until now I haven't seen anything for specifying the state and policy command-related settings.
Therefore I only have:
```
# /etc/systemd/network/27-xfrm.netdev
[NetDev]
Name=xfrm0
Kind=xfrm

[Xfrm]
Independent=true
InterfaceId=7

# /etc/systemd/network/27-eth0.network
[Match]
Name=eth0

[Network]
Xfrm=xfrm0
```

Sincerely,
Klaus Frank


